Comments on: ShieldsUp http://itsecpackets.com/blog/2008/08/24/shieldsup/ A Progammer explores the IT Security field; offering packets of useful information he picks up along the way. Tue, 06 Jan 2009 10:55:00 +0000 http://wordpress.org/?v=2.5.1 By: Ben Rothke http://itsecpackets.com/blog/2008/08/24/shieldsup/#comment-238 Ben Rothke Tue, 26 Aug 2008 21:19:33 +0000 http://itsecpackets.com/blog/?p=55#comment-238 Ron, Excellent post. But I think though you give too much credence to firewalls when you say, in capital letters no less, that “a firewall ABSOLUTELY ISOLATES your computer from the Internet. The only absolute isolation a firewall can provide is with a ‘deny all’ rule to all traffic. The truth is that one of the biggest dangers of a firewall is that it can provide a false sense of security; if not properly configured. A firewall may have so many rules/holes that it actually functions as nothing more than a router. Firewall expert Marcus Ranum notes that “eventually, if enough data is going back and forth through your firewall, it is no longer a firewall -- it is a router.” Ben Ron,

Excellent post.

But I think though you give too much credence to firewalls when you say, in capital letters no less, that “a firewall ABSOLUTELY ISOLATES your computer from the Internet.

The only absolute isolation a firewall can provide is with a ‘deny all’ rule to all traffic.

The truth is that one of the biggest dangers of a firewall is that it can provide a false sense of security; if not properly configured. A firewall may have so many rules/holes that it actually functions as nothing more than a router.

Firewall expert Marcus Ranum notes that “eventually, if enough data is going back and forth through your firewall, it is no longer a firewall — it is a router.”

Ben

]]>